Analysis
max time kernel
150s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags
arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system
submitted
12-06-2024 11:36
Behavioral task
behavioral1
Sample
36faa0694618e2199e63379197481860_NeikiAnalytics.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
36faa0694618e2199e63379197481860_NeikiAnalytics.exe
Resource
win10v2004-20240611-en
General
-
Target
36faa0694618e2199e63379197481860_NeikiAnalytics.exe
-
Size
118KB
-
MD5
36faa0694618e2199e63379197481860
-
SHA1
2001c20e6c9c5713292ddfa108312550e32c607a
-
SHA256
c16e290fddb1a1d05ab9c4e9ac55ba79ccb577081cde659082316ac6993445f0
-
SHA512
1274ed9b1bd7972d2baad3785a77beefc58f1e8f8d9bd805224f417c6bd5596eb0e6966a6e6365dc5e71d7119f6e369c5aff144c10eaff5ea866d5e7ff4973f6
-
SSDEEP
1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hflik:hfAIuZAIuYSMjoqtMHfhflixih
Malware Config
Signatures
-
Renames multiple (4863) files with added filename extension
This suggests ransomware activity, i.e. encryption of all the files on the system.
-
Processes:
resource / yara_rule
behavioral2/memory/3612-0-0x0000000000400000-0x000000000040A000-memory.dmp / upx
C:\$Recycle.Bin\S-1-5-21-200405930-3877336739-3533750831-1000\desktop.ini.tmp / upx
C:\Program Files\7-Zip\7-zip.dll.tmp / upx
behavioral2/memory/3612-964-0x0000000000400000-0x000000000040A000-memory.dmp / upx
Drops file in Program Files directory 64 IoCs
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
118KB
MD5
2f5278645b48b1807a213d978a81184f
SHA1
b12fac8111796880f48de9f07e59a19073ca7f90
SHA256
c40012dfbd3a1f99a9d240d07f2342e985059f823354ef9816adfc27e829ace1
SHA512
f391a32079b43a62a64acb0ee3f51286e0943f134e6e057e0036ad2fa89bd15d2bdc2d0742cd02d32f492253fb828911d3037a518f07264d893c05dc3ee512e1
-
Filesize
217KB
MD5
966cd34ce0a5c487c4da5d8a03de4ee9
SHA1
5b9e45ad71ba36db55d66955f976949fa6f82749
SHA256
29b342adc2d851249a677760b68d5f7fd41ffcee9189660381582222e2e609d4
SHA512
6a0674da3e2bf0ac702e69989ffb7e061c58099c3c9d0469fe5cafd3284cb32a6fa558e31c79f0cedc77be7ce3a233253fdc07c7e810c917ba778d72836a5f27